Method and device for accessing and obtaining user equipment context and user equipment identity

ABSTRACT

A method and device for accessing and obtaining UE context and UE identity are provided. The method for access includes: when a UE accesses an SAE network, judging, by a network node, whether a GUMMEI carried by the UE or an MMEGI in the GUMMEI is allocated or mapped by the SAE network; if the GUMMEI or MMEGI is allocated by the SAE network, selecting, by the network node, an MME according to the GUMMEI, or according to the MMEGI and an MMEC, or according to a PLMN-id, the MMEGI and the MMEC; and if the GUMMEI or MMEGI is mapped by the SAE network, selecting, by the network node, an MME according to an MCC, an MNC and an MMEC in the GUMMEI. Therefore, the access of the UE is achieved.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of International Application No.PCT/CN2009/072335, filed on Jun. 18, 2009, which claims priority toChinese Patent Application No. 200810039358.X, filed on Jun. 18, 2008,Chinese Patent Application No. 200810175964.4, filed on Nov. 3, 2008,and Chinese Patent Application No. 200910003541.9, filed on Jan. 5,2009, all of which are hereby incorporated by reference in theirentireties.

FIELD OF THE TECHNOLOGY

The present invention relates to the field of communicationstechnologies, and more particularly to a method and a device foraccessing and obtaining user equipment (UE) context and UE identity.

BACKGROUND OF THE INVENTION

Existing communication networks include conventional Second Generation(2G) communication networks, 3rd Generation (3G) communication networks,and Long Term Evolution/System Architecture Evolution (LTE/SAE) networksintegrated with more advanced technologies. A communication network isgenerally formed by a Radio Access Network (RAN) and a Core Network(CN). Different communication networks adopt different Radio AccessTechnologies (RATs) to access the CN, that is, different communicationnetworks have different RANs. For example, a RAN of a 3 G communicationnetwork is referred to as a Universal Terrestrial Radio Access Network(UTRAN), and a RAN of a SAE communication network is referred to as anEvolved UTRAN (E-UTRAN).

The RAN is formed by RAN nodes, for example, a Radio Network Controller(RNC) and a base station (NodeB) in the UTRAN; and the CN is formed byCN nodes, for example, a Serving General Packet Radio Service (GPRS)Support Node (SGSN) in the UTRAN, or a Mobility Management Entity (MME)in the E-UTRAN. Functions of the MME are to store mobility managementcontext of a user equipment (UE), briefly referred to as UE context, forexample, UE identity, mobility management state, and locationinformation.

In the prior art, a RAN node may be routed to a plurality of CN nodes,that is, the RAN node may route an initially accessing UE to differentCN nodes. The CN nodes form a Pool. The CN nodes, for example, theSGSNs, in a Pool in a 2G/3G system are identified by Network ResourceIdentifiers (NRIs), and the CN nodes in a Pool in an SAE system areidentified by Globally Unique Mobility Management Entity Identifiers(GUMMEIs).

When a UE accesses a communication network, the communication networkallocates a temporary identity to the UE, for example, a 2G/3G systemallocates a Packet Temporary Mobile Subscriber Identity (P-TMSI)/TMSI tothe UE, while an SAE system allocates a Global Unique Temporary Identity(GUTI) to the UE, where the GUTI contains a GUMMEI. Since the UE maymove between different communication networks, when the UE is handedover from the original communication network to a new communicationnetwork, or handed over from the original CN node to a new CN node, theoriginal CN node needs to be found by using the NRI/GUMMEI and thetemporary identity of the UE to obtain the context of the UE, forachieving a rapid handover. For a handover between differentcommunication networks, since the communication networks adopt differentRATs, when the UE is handed over from the original communication networkto a new communication network, the identify of a RAT of the originalcommunication network, that is, the identity of an old RAT, also needsto be mapped to the identify of a RAT of the new communication networkfor access, so that the CN node in the original communication networkcan be found, and the UE context can be obtained.

Specifically, a GUTI has the following structure: GUTI=GUMMEI+M-TMSI(MME-TMSI); where GUMMEI=PLMN-id+MMEI, PLMN-id=MCC+MNC; and MMEI=MMEGroup ID+MMEC; therefore, the following equations can be obtained:

GUTI=MCC+MNC+MME Group ID (16 bit)+MMEC (8 bit)+M-TMSI (32 bit);

GUMMEI=MCC+MNC+MME Group ID+MMEC;

MMEI=MME Group ID+MMEC;

S-TMSI (40 bit)=MMEC+M-TMSI

When the UE carrying the 2G/3G temporary identity P-TMSI/old RoutingArea Identifier (RAI) accesses the SAE system, the 2G/3G temporaryidentity needs to be mapped to a GUTI, as shown in FIG. 11, that is, theMobile Country Code (MCC) and the Mobile Network Code (MNC) in the oldRAI needs to be mapped to an MCC and an MNC in the GUTI respectively,the Location Area Code (LAC) needs to be mapped to a Mobility ManagementEntity Group Identity (MMEGI) in the GUTI, the NRI needs to be mapped toa Mobility Management Entity Code (MMEC) in the GUTI, and the RoutingArea Code (RAC) and other P-TMSI contents needs to be mapped to anM-TMSI in the GUTI.

In the implementation of the present invention, the inventor finds thatthe prior art has at least the following problems.

Since the mapped RAT identity is different from the real RAT identity,it is possible that no CN node corresponding to the mapped RAT identitywill be found, that is, it is possible that no new CN node can beselected in the new communication network.

In addition, since different communication networks are involved, if thenew CN node cannot identify whether the current RAT identity is the realRAT identity or the mapped RAT identity, it cannot be known which formof RAT can be used to obtain the UE context from the original CN node,resulting in that the UE context cannot be obtained.

SUMMARY OF THE INVENTION

The embodiment of the present invention is directed to a method anddevice for access and obtaining user equipment context and userequipment identity, so as to achieve flexible application of temporaryidentities.

An embodiment of the present invention provides a method for access,which includes:

when a user equipment (UE) accesses a System Architecture Evolution(SAE) network, judging, by a network node, for example, an eNodeB or apreset central node, whether a Globally Unique Mobility ManagementEntity Identifier (GUMMEI) carried by the UE or a Mobility ManagementEntity Group Identity (MMEGI) in the GUMMEI is allocated by the SAEnetwork or mapped;

if the GUMMEI or MMEGI is allocated by the SAE network, selecting, bythe eNodeB, a Mobility Management Entity (MME) according to the GUMMEI,or according to the MMEGI and a Mobility Management Entity Code (MMEC),or according to a selected Public Land Mobile Network Identity(PLMN-id), the MMEGI and the MMEC; and

if the GUMMEI or MMEGI is mapped, selecting, by the eNodeB, an MMEaccording to a Mobile Country Code (MCC), a Mobile Network Code (MNC)and an MMEC in the GUMMEI, or according to the MMEC in the GUMMEI, oraccording to a selected PLMN-id and the MMEC in the GUMMEI.

An embodiment of the present invention further provides a method foraccess, which includes:

when a UE accesses an SAE network, judging, by an MME, whether a GlobalUnique Temporary Identity (GUTI) carried by the UE is allocated by theSAE network or mapped;

if the GUTI is allocated by the SAE network, obtaining, by the MME, a UEcontext from an old MME by using the GUTI; and

if the GUTI is mapped, reconstructing, by the MME, an old Routing AreaIdentification (old RAI) and a Packet Temporary Mobile SubscriberIdentity (P-TMSI) from the GUTI, and obtaining the UE context from anold Serving General Packet Radio Service (GPRS) Support Node (old SGSN)by using the old RAI and P-TMSI, or reconstructing, by the MME, an oldRAI and a Temporary Logical Link Identity (TLLI) from the GUTI, andobtaining the UE context from the old SGSN by using the old RAI andTLLI.

An embodiment of the present invention further provides a method foraccess, which includes:

when a UE accesses an SAE network, mapping, by an MME, a GUTI carried bythe UE to an old RAI and a P-TMSI, or mapping, by the MME, the GUTIcarried by the UE to a TLLI and a P-TMSI Signature;

obtaining, by the MME, a UE context from an old MME or an old SGSN byusing the mapped old RAI and P-TMSI, or mapped TLLI and P-TMSISignature; and

reconstructing, by the old MME, a GUTI from the old RAI and P-TMSI, orfrom the old RAI and TLLI and P-TMSI Signature, and returning the UEcontext to the MME according to the reconstructed GUTI.

An embodiment of the present invention further provides a method foraccess, which includes:

when a UE accesses an SAE network,

if the old node is an MME, obtaining, by the MME, a UE context from anold MME by using a GUTI;

if the old node is a Gn/Gp SGSN, reconstructing, by the MME, an old RAIand a P-TMSI from the GUTI, and obtaining the UE context from the oldSGSN by using the old RAI and P-TMSI; or reconstructing, by the MME, aTLLI from the GUTI, and obtaining the UE context from the old SGSN byusing the TLLI; and

if the old node is an S4 SGSN, obtaining, by the MME, the UE contextfrom the old SGSN by using the GUTI; and reconstructing, by the oldSGSN, an old RAI and a P-TMSI from the GUTI, finding the UE context byusing the old RAI and P-TMSI, and returning the UE context to the MME,or reconstructing, by the old SGSN, an old RAI/TLLI from the GUTI,finding the UE context by using the old RAI/TLLI, and returning the UEcontext to the MME.

In an embodiment of the present invention further provides a method foraccess, which includes:

when a UE accesses a 2G/3G network, finding, by an SGSN, an address of acorresponding old entity according to an old RAI and a P-TMSI carried bythe UE, or finding, by the SGSN, an address of a corresponding oldentity according to a TLLI carried by the UE, and obtaining a UE contextfrom an old entity; and

if the old entity is an old MME, reconstructing, by the old MME, a GUTIfrom the old RAI and P-TMSI, or reconstructing, by the old MME, a GUTIfrom the TLLI and a P-TMSI Signature, and finding and returning the UEcontext to the SGSN.

In an embodiment of the present invention further provides a method foraccess, which includes:

when a UE accesses a 2G/3G network, determining, by an SGSN, whether acorresponding old entity is an old SGSN or an old MME according towhether an old RAI and a P-TMSI carried by the UE are allocated by the2G/3G network or mapped, or according to whether a TLLI and a P-TMSISignature carried by the UE are allocated by the 2G/3G network ormapped;

if the old RAI and P-TMSI carried by the UE are mapped, or the TLLI andP-TMSI Signature carried by the UE are mapped, and the old entity is anold MME, reconstructing, by the SGSN, a GUTI according to the old RAIand P-TMSI, or reconstructing, by the SGSN, a GUTI according to theTLLI/P-TMSI Signature, and obtaining a UE context from the old MME byusing the GUTI; and finding, by the old MME, the UE context according tothe GUTI and returning the UE context to the SGSN; and

if the old RAI and P-TMSI carried by the UE are allocated by the 2G/3Gnetwork, or the TLLI and P-TMSI Signature are allocated by the 2G/3Gnetwork, and the old entity is an old SGSN, obtaining, by the SGSN, theUE context from the old SGSN by using the old RAI and P-TMSI, orobtaining, by the SGSN, the UE context from the old SGSN by using theTLLI.

An embodiment of the present invention further provides a method forobtaining a UE context, which includes:

when a temporary identity indicated by a Temporary Identity used in Nextupdate (TIN) is consistent with an additional temporary identity,carrying, by a UE, only the temporary identity indicated by the TIN foraccess; and

finding, by an access node, a UE context by using the temporary identityindicated by the TIN carried by the UE.

An embodiment of the present invention further provides a method forobtaining a UE context, which includes:

during Tracking Area Update (TAU) or Routing Area Update (RAU) in ahandover process, only carrying, by a UE, a TMSI of a current RAT systemor not carrying any TMSI, and finding, by the UE, a UE context through aconnection established by a target network.

An embodiment of the present invention further provides a method forobtaining a UE identity, which includes:

in an Attach process initiated by a UE,

if the UE has a temporary identity of an RAT, carrying, by the UE, thetemporary identity, and finding, by an access entity, a correspondingnode according to the temporary identity, and obtaining an InternationalMobile Subscriber Identity (IMSI) and a security parameter of the UE;and

if the UE does not have the temporary identity of the access RAT, buthas a temporary identity of another RAT, carrying, by the UE, thetemporary identity of the another RAT, and finding, by the accessentity, a corresponding node according to the temporary identity of theanother RAT, and obtaining an IMSI and a security parameter of the UE.

An embodiment of the present invention further provides a network sidedevice, which includes:

an identity attribute obtaining module, configured to obtain anattribute of a temporary identity of a UE currently accessing a network,wherein the attribute of the temporary identity of the UE is whether theUE identity is allocated by the network side or mapped; and

a network resource node allocation module, configured to allocate anetwork resource node to the UE according to the attribute of thetemporary identity of the UE.

An embodiment of the present invention further provides an accessmethod, which includes:

when a UE accesses an SAE network, carrying, by the UE, an SAE TemporaryMobile Subscriber Identity (i.e., S-TMSI, which is formed by an MMEC andan M-TMSI, and if the UE carries a 2G/3G identity and accesses theSAE/LTE system, the S-TMSI is really mapped by an NRI and an RAC and apart of a P-TMSI) in a Radio Resource Control (RRC) Connection Requestmessage sent to an evolved NodeB (eNodeB), where a GUMMEI is not carriedin an RRC Connection Setup Complete message sent to the eNodeB; and

selecting, by the eNodeB, a corresponding MME according to the receivedS-TMSI, and if no corresponding MME exists, selecting, by the eNodeB, anew MME.

Through the embodiment of the present invention, it is distinguishedwhether a temporary identity carried by a UE when accessing a network isallocated by the network or mapped, so as to adopt different accessmethods for different temporary identities, thereby achieving flexibleapplication of temporary identities.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic flowchart of an access method according to a firstembodiment of the present invention;

FIG. 2 is a schematic flowchart of an access method according to a thirdembodiment of the present invention;

FIG. 3 is a schematic flowchart of an access method according to afourth embodiment of the present invention;

FIG. 4 is a schematic flowchart of an access method according to a fifthembodiment of the present invention;

FIG. 5 is a schematic flowchart of an access method according to a sixthembodiment of the present invention;

FIG. 6 is a schematic flowchart of an access method according to aseventh embodiment of the present invention;

FIG. 7 is a schematic structural view of a network device according toan embodiment of the present invention;

FIG. 8 is a schematic view of a network scenario according to the firstembodiment of the present invention;

FIG. 9 is a flowchart of a method for accessing an SAE/LTE network by aUE by using TA Registered Case according to the second embodiment of thepresent invention;

FIG. 10 is a flowchart of a method for accessing an SAE/LTE network by aUE by using TA Not Registered Case according to the second embodiment ofthe present invention; and

FIG. 11 is a schematic view of mapping a 2G/3G temporary identity to aGUTI.

DETAILED DESCRIPTION OF THE EMBODIMENTS

The present invention is hereinafter described in detail with referenceto some exemplary embodiments and the accompanying drawings.

Embodiment 1

This embodiment provides a method for distinguishing an LAC and anMMEGI, for example, the LAC and the MMEGI can be distinguished bysetting a bit in the LAC and a corresponding bit in the MMEGI to havedifferent values. In a specific setting method, for example, the firstbit of the MMEGI is 1, and the first bit of the LAC is 0, and the bit isreferred to as a flag bit for distinguishing the MMEGI and the LAC, anddefinitely, other bits may also be used as the distinguishing flag bit.In this way, when a UE accesses an eNodeB by using a GUTI mapped from anold RAI and a P-TMSI in a 3G network, or mapped from the old RAI and aTLLI in a 2 G communication network, the eNodeB identifies through thedistinguishing flag bit or bits whether the UE uses an real temporaryidentity or a mapped temporary identity for access. For example, theeNodeB identifies whether the UE accesses by using a temporary identityallocated by the SAE network (for example, GUMMEI, S-TMSI or GUTI), or amapped temporary identity, such as the GUTI mapped from the old RAI andP-TMSI (or old RAI and TLLI) as described above. In a case that the UEcarries the mapped GUTI for access, the eNodeB selects an MMEcorresponding to the MMEC mapped from an NRI, and the MME may not be theMME in which the UE registered. Alternatively, the eNodeB selects theMME supporting Idle mode Signaling Reduction (ISR), or a combined node,or a configured node.

Referring to FIG. 1, in the process of accessing the SAE network, the UEcarries GUMMEI information in a Radio Resource Control (RRC) part, thatis, carries GUMMEI information in the RRC part in a TAU Request messagesent by the UE to the eNodeB. The eNodeB checks whether the GUMMEI is amapped GUMMEI, or a GUMMEI allocated by the SAE network, and if theGUMMEI is a GUMMEI allocated by the SAE network, the eNodeB determinesan MME according to all information in the GUMMEI, that is,MCC+MNC+MMEGI+MMEC, or MMEGI+MMEC, or selected PLMN+MMEGI+MMEC.Alternatively, the eNodeB fails to find a corresponding GUMMEI andreselects an MME. If an MME corresponding to MCC+MNC+MMEGI+MMEC orMMEGI+MMEC or selected PLMN+MMEGI+MMEC exists, the eNodeB selects theMME, and the GUMMEI of the MME is consistent with the GUMMEI carried bythe UE or correspondingly consistent with MMEGI+MMEC or selectedPLMN+MMEGI+MMEC. If no corresponding MME exists, the eNodeB reselects anMME. If the GUMMEI is a mapped GUMMEI, the eNodeB determines an MMEaccording to MCC+MNC+MMEC in the GUMMEI or only according to MMEC orselected PLM+MMEC. Specifically, if the MCC, the MNC, and the MMEC of anMME are consistent with the MCC, MNC, and MMEC (mapped from NRI) carriedby the UE or an MME is configured to be selected, for example, if theeNodeB is configured with an MMEC or NRI corresponding to an MME, theMME is selected; otherwise, an MME is reselected.

Alternatively, in the process of accessing the SAE network, the UEidentifies, according to the identity to be carried by the UE, anidentity to be carried. For example, the UE identifies, by using aTemporary Identity used in Next update (TIN), an identity to be carried.If TIN=“P-TMSI”, it indicates that an identity mapped from theP-TMSI/old RAI needs to be carried for next access, and if TIN=“GUTI”,it indicates that an identity in the SAE network needs to be carried fornext access, and if TIN=“RAT-related TMSI”, it indicates that a TMSIallocated by an RAT to be accessed next time is used. Therefore, if theTIN of the UE is equal to “P-TMSI”, the UE may not carry the mappedGUMMEI in the RRC part to access the network, but may carry an S-TMSI(formed by an MMEC and an M-TMSI, and really mapped by an NRI and an RACand a part of a P-TMSI) in the RRC part to access the network, so thatthe eNodeB does not obtain the MMEGI, and the eNodeB selects an MMEaccording to the MMEC (mapped from NRI) in the S-TMSI. Definitely, if anMOCN exists, the eNodeB may not only select an MME according to the MMECin the S-TMSI, but also select an MME according to selected PLMN-idinformation, that is, the eNodeB selects an MME according to theselected PLMN-id and the MMEGI and MMEC. Specifically, if MCC+MNC in aGUMMEI of an MME is identical to the selected PLMN-id carried by the UE,and an MMEC in the GUMMEI of the MME is identical to the MMEC carried bythe UE, the network node selects the MME. Moreover, the UE also needs tocarry a mapped GUTI in a Non Access Stratum (NAS) part, so as to enablethe MME to obtain a context from an old SGSN.

Alternatively, the eNodeB configures an LAC list, and when the eNodeBfinds that the MMEGI belongs to the LAC list, the eNodeB selects acorresponding MME. For example, when the eNodeB finds that the GUMMEIcarried by the UE is consistent with an identity of a corresponding MMEconfigured on the eNodeB, the corresponding MME is selected; otherwise,if no corresponding MME exists, a new MME is selected. The GUMMEI of theMME is really mapped from PLMN-id+LAC+NRI. For example, a Pool of an SAEnetwork overlaps a Pool of a 2G/3G network, and an MME/SGSN combinednode exists in the Pool, and three Routing Areas (RAs), namely, RAI1,RAI2, and RAI3, exist in the Pool of the 2G/3G network. When the UEmoves from the 2G/3G network to the SAE network and accesses the SAEnetwork, the UE uses the GUTI mapped from the old RAI/P-TMSI for access,and the eNodeB finds, according to configured information, that the UEuses the mapped GUTI, and an RA before mapping belongs to one of theRAI1, RAI2, and RAI3. At this time, the eNodeB selects a correspondingMME according to MCC+MNC+MMEC (mapped from NRI) or MMEC or selectedPLMN+MMEC, even if the MCC, MNC, MMEGI, and MMEC are not all consistent.If no corresponding MME satisfying the above conditions exists, forexample, no MME belongs to the configured RAIs, an MME is reselected.

The eNodeB may configure the LAC list by using the following method.

The MME maps a configured LAC to a GUMMEI and sends the GUMMEI to theeNodeB through an S1 SETUP RESPONSE message or MME CONFIGURATION UPDATEmessage, and the eNodeB records the S1 SETUP RESPONSE message or the MMECONFIGURATION UPDATE message, and stores the message in configurationinformation, that is, in the LAC list. An example will be given belowfor illustration.

For example, in FIG. 8, Pool1 includes an SGSN Pool and an MME Pool,SGSN1, SGSN2, MME1, and MME2 are nodes in the Pool1, and an MME/SGSNcombined node SGSN3/MME3 also exists in the Pool1. In FIG. 8, LAC1,LAC2, LAC3 and LAC4 are respectively location area codes in the 2G/3Gnetwork, and TA1, TA2, TA3 and TA4 are respectively tracking areas ofthe SAE network. From the view of the SAE system, a GUMMEI of thecombined node SGSN3/MME3 is PLMN-id (PLMN Identity,PLMN-id=MCC+MNC)+MMEGI (that is, id of the MME Pool)+MMEC (that is, idof the MME3 in the MME Pool). In order to enable the UE registering tothe combined node, the SGSN3, to select the combined node when enteringthe SAE area from the 2G/3G area, the MME3 may configure all LACs in theSGSN3 Pool into the eNodeB so as to form an LAC list, and the method isas follows.

For each LAC in the Pool1, the MME3 respectively forms a GUMMEI, and theGUMMEI is corresponding to PLMN-id+LAC+NRI (i.e., an NRI configured by acombined node to the SGSN, that is, the SGSN3, generally equal to anMMEC configured by the combined node to the MME). Therefore, the MME3may form several GUMMEIs. The MME3 sends a list of an real GUMMEI (anidentity in the SAE network) and mapped GUMMEIs (each LAC in the Pool1is corresponding to one GUMMEI) to the eNodeB through the S1 SETUPRESPONSE message or MME CONFIGURATION UPDATE message, and the eNodeBstores the GUMMEI list (or the LAC list, since each LAC has acorresponding GUMMEI), so that when the UE registering to the SGSN3enters an E-UTRAN area from an LAC, such as LAC1 or LAC2, in Pool1, andaccesses the eNodeB, since the identity carried by the UE for access isthe GUMMEI (mapped from PLMN-id+LAC1+NRI), the eNodeB can know, byquerying the configuration, that is, by querying the previously storedlist of real GUMMEI and mapped GUMMEIs, that the GUMMEI is correspondingto the MME3 real, and then directly select the MME3.

The above configuration method is disadvantageous in that, due to thecombined node and ISR requirements, one MME may have a large number ofmapped GUMMEIs, and since the MME forms a corresponding MMEGI for eachLAC in the Pool, and even the MME respectively configures an MMEGI foreach LAC in the neighboring SGSN Pool so as to meet the ISRrequirements, the S1 SETUP RESPONSE message or MME CONFIGURATION UPDATEmessage may need to carry a large number of GUMMEIs.

Currently, the S1 SETUP RESPONSE message and MME CONFIGURATION UPDATEmessage carry the GUMMEI list through the following method, as shown inTable 1, where other information elements (lEs) are omitted forconvenience of description.

TABLE 1 IE/Group Name (information element name) . . . Served GUMMEIs(list of served GUMMEIs) . . . >GUMMEI (GUMMEI value) . . .

As shown in Table 1, the S1 SETUP RESPONSE message or MME CONFIGURATIONUPDATE message carries a complete GUMMEI list, that is, a list of theserved GUMMEIs. In addition, when the SGSN Pool adds/deletes/modifies anLAC, the MME resends all the GUMMEI lists to each eNodeB through an MMECONFIGURATION UPDATE message. Since the GUMMEI list is large, and alarge number of eNodeBs are involved, it inevitably leads totransmission of a large amount of information in the network, whichincreases the signaling traffic in the network, that is, increases thenetwork overhead. For example, if a Pool has 10 MMEs and 200 eNodeBs,when a related LAC is changed, each MME needs to send an MMECONFIGURATION UPDATE message to each eNodeB, which means that 2000CONFIGURATION UPDATE messages will be transmitted over the S1 interface,and each message contains all the GUMMEI lists (both updated andnon-updated ones need to be sent). In order to avoid this situation, theembodiment of the present invention may also adopt the following method.

(1) In order to reduce the size of the configuration message such as theS1 SETUP RESPONSE message or MME CONFIGURATION UPDATE message, andrealize that the configuration message such as the S1 SETUP RESPONSEmessage or MME CONFIGURATION UPDATE message does not need to carry alarge number of GUMMEI lists, the GUMMEI may be decomposed, and thenlists respectively formed by the components of the GUMMEI are sent, thatis, an LAC list configuration message sent by the MME to the eNodeBcarries a PLMN-id list, an MMEGI list, and an MMEC list, which isspecifically described as follows.

Since the MME forms a corresponding GUMMEI for each LAC in the Pool,really configuration of an LAC list by the eNodeB may also be construedas configuration of a GUMMEI list on the eNodeB. Since the GUMMEI isformed by PLMN-id+MMEGI+MMEC, if a GUMMEI is formed by a mapping method,an real value of the GUMMEI is PLMN-id+LAC+NRI. Generally speaking, theMMEC and NRI have the same values, and the PLMN-id also has the samevalue, so that the GUMMEI list contains a lot of identical contents.Therefore, as shown in Table 2, the GUMMEI list can be modified into aform of PLMN-id (that is, PLMN Identity in the table)/PLMN-id list+MMEGIlist+MMEC/MMEC list, where PLMN-id list refers to a list of thePLMN-ids, MMEGI list refers to a list of the MMEGs, and MMEC list refersto a list of the MMECs.

TABLE 2 IE/Group Name (information element name) . . . Served PLMN (listof served PLMNs) . . . >PLMN Identity (PLMN value) . . . Served GUMMGIs. . . (list of served GUMMGIs, briefly referred to as GUMMGI listherein) >MMEGI (MMEGI value) . . . Served MMEC/MMEC list (list of servedMMECs or . . . served MMECs, briefly referred to as MMEC list or MMEClist)

Generally, the PLMN-id and MMEC in the GUMMEI list have the same values,and only the MMEGI has different values, so the sending of a largeamount of repetitive PLMN-id and MMEC can be saved by modifying theGUMMEI list into the form of PLMN-id+MMEGI list+MMEC. Definitely, in acase that multiple PLMNs are supported, the PLMN-id may also be modifiedinto a PLMN-id list, and similarly, the MMEC may also be modified intoan MMEC list. The eNodeB receives and stores the modified list, andcombines the information such as PLMN-id, MMEGI list and MMEC in thetable into a GUMMEI list, thereby completing the configuration of an LAClist.

For example, currently, the PLMN-id occupies 3 bytes, the MMEGI occupies2 bytes, and the MMEC occupies 1 byte. If an MME Pool supports 3 PLMNs,the MME Pool needs to configure 100 MMEGIs and one MMEC, where the 100MMEGIs include 1 real MMEGI and 99 MMEGIs mapped from the LAC. If thecurrent configuration method is adopted, the size of the GUMMEI list is:3*100*(3+2+1)=1800 bytes. If the method in the embodiment of presentinvention is adopted, the GUMMEI list is formed by the PLMN-id list, theMMEGI list and the MMEC list, and occupies 3*3 (PLMN-list)+100*2(MMEGIlist)+1*1(MMEC list)=210 bytes. It can be seen that, the space occupiedby the GUMMEI list is greatly reduced.

(2) In order to solve the problem that when an LAC or GUMMEI is changed,the MME needs to send all the GUMMEI lists to the eNodeB, which leads totransmission of a large amount of information in the network, theembodiment of the present invention proposes that, when an LAC or GUMMEIis changed, the MME sends an indication message to the eNodeB, whichindicates the eNodeB to add/modify/delete the GUMMEI in the LAC list,for example, the MME carries an indication in an MME CONFIGURATIONUPDATE message sent to the eNodeB, and specifies the change of the LACor GUMMEI in the indication, that is, whether one GUMMEI or a pluralityof GUMMEIs is added, or a GUMMEI is modified, or a GUMMEI is deleted.The modified MME CONFIGURATION UPDATE message is as shown in Table 3.

TABLE 3 IE type and IE/Group Name Presence reference (information(Mandatory/ Range (reference element name) Optional) (range) value)Message Type M (Mandatory) (message type) MME Name O (Optional) OCTET(MME name) STRING Served PLMNs 0..<maxnoofPLMNsPer (list of served MME>PLMNs, briefly (0 to the maximum referred to as number of PLMNs PLMNlist) supported by each MME) >PLMN Identity M (Mandatory) (PLMN value)Served 0..<maxnoofGUMMEIs> GUMMEIs (0 to the maximum (list of servednumber of GUMMEIs GUMMEIs, supported by each MME) briefly referred to asGUMMEI list) >original O (Optional) GUMMEI (original GUMMEI value) >newGUMMEI O (Optional) (new GUMMEI value) >behavior O (Optional) <add,modify, delete> (behavior) (add, modify, delete) Relative MME O(Optional) Capacity (relative MME capacity)

Definitely, it may also be directly indicated in the message whether toadd/modify/delete a GUMMEI, and the MME does not need to send otherunchanged GUMMEIs to the eNodeB, which may be, for example, implementedas follows.

When the MME needs to add a GUMMEI, the MME sends an MME CONFIGURATIONUPDATE (new GUMMEI, behavior=‘add’) message to the eNodeB, where “newGUMMEI” indicates an identity (ID) of a GUMMEI to be added,“behavior=‘add’” indicates that a GUMMEI needs to be added to theoriginal LAC list, and “behavior” is an information element (IE), whosevalue represents a specific behavior. In this way, after receiving theMME CONFIGURATION UPDATE (new GUMMEI, behavior=‘add’) message, theeNodeB adds a GUMMEI to the original LAC list.

When the MME needs to delete a GUMMEI, the MME sends an MMECONFIGURATION UPDATE (GUMMEI, behavior=‘delete’) message to the eNodeB,where “GUMMEI” indicates an ID of a GUMMEI to be deleted from theoriginal LAC list, and “behavior=‘delete’” indicates that a GUMMEI needsto be deleted. After receiving the message, the eNodeB deletes acorresponding GUMMEI from the original LAC list according to themessage.

When the MME needs to modify a GUMMEI, the MME sends an MMECONFIGURATION UPDATE (new GUMMEI, GUMMEI, behavior=‘modify’) message tothe eNodeB, where “behavior=‘modify’” indicates that a GUMMEI in theoriginal LAC list needs to be modified, “GUMMEI” indicates an ID of aGUMMEI to be modified, and “new GUMMEI” indicates an ID of a GUMMEI tobe changed to after modification, that is, the ID of the GUMMEIcorresponding to “GUMMEI” in the original LAC list needs to be modifiedinto “new GUMMEI”.

Definitely, the IE “behavior” may not be carried, for example, “updatedGUMMEI” and “new GUMMEI” may be used to indicate the behavior, where“updated GUMMEI” indicates that an original GUMMEI needs to be updated,and new GUMMEI indicates that a new GUMMEI needs to be added. In thisway, if updated GUMMEI has no value or is not carried, and new GUMMEI=5,it indicates that a GUMMEI having an ID of 5 needs to be added; ifupdated GUMMEI=5, and new GUMMEI has no value or is not carried, itindicates that a GUMMEI having an ID of 5 needs to be deleted; and ifupdated GUMMEI=5, and new GUMMEI=10, it indicates that the ID of aGUMMEI having an ID of 5 needs to be modified into 10.

(3) Definitely, in order to further reduce the number of messages sentto the eNodeB when an LAC or GUMMEI is changed, and reduce the signalingtraffic between the MME and the eNodeB, another method may also beadopted, which is described as follows.

All configuration information is collected in a preset central node. Thecentral node may be a preset eNodeB, or a preset MME. The central nodehas configuration information of all MMEs, and if configurationinformation of an MME is changed, the central node sends a configurationmessage, for example, sends an S1 SETUP RESPONSE message or MMECONFIGURATION UPDATE message, to all eNodeBs. Therefore, when thecentral node needs to send configuration information to the eNodeB, theconfiguration information of all MMEs is sent. For example, a GUMMEIlist in the S1 SETUP RESPONSE message or MME CONFIGURATION UPDATEmessage is not a GUMMEI list of one MME, but is a GUMME list of allMMEs. Definitely, in order to implement the method, the 51 SETUP REPONSEmessage needs to be modified, and the modified S1 SETUP REPONSE messageis as shown in Table 4.

TABLE 4 Presence IE/Group Name (Mandatory/ Range (information elementname) Optional) (range) Message Type M (Mandatory) (message type) GUMMEI(list of MMEIs, 1..<maxnoofMMEper GUMMEI being taken as an MME Pool>index) (1 to the maximum number of MMEs in each Pool) > MME Name (MMEname) M (Mandatory) > Mapped GUMMEI list (list of GUMMEIs) > RelativeMME Capacity M (Mandatory) (relative MME capacity) CriticalityDiagnostics O (Optional) (diagnosis)

In the table, “GUMMEI” is an real GUMMEI of each MME, and each MME hasonly one real GUMMEI. Here, the mapped GUMMEI is not considered. EachMME uses the real GUMMEI as a unique identity. Information of all MMEsis collected to form an MME list. Each MME in the MME list has specificconfiguration information, for example, MME name, capacity, and mappedGUMMEI list. Here, GUMMEI list may be a (PLMN-id+MMEGI+MMEC) list, orPLMN-id list+MMEGI list+MMEC list, and the mapped GUMMEI list may notexist.

To sum up, the central node provides configuration information of allMMEs in the MME Pool to the eNodeBs in the Pool through a configurationmessage, so that when an LAC or GUMMEI is changed, the central node onlyneeds to send an MME CONFIGURATION UPDATE message to each eNodeB,without requiring each MME to send a message to each eNodeB, therebyreducing the number of messages transmitted in the network. For example,if an MME Pool has 10 MMEs and 200 eNodeBs, when an LAC is changed, thecentral node only needs to send a configuration message regardingchanged configuration to the 200 eNodeBs, and the number of messages isonly 200. Definitely, before this, the MME may also need to send aconfiguration message of the MME to the central node.

The three methods (1), (2), and (3) may be used separately, or used incombination. Definitely, the combination can achieve a better effect,for example, if the method (1) and the method (2) are used incombination, when 10 LACs are added, the MME only needs to updateinformation of the 10 LACs, and then sends PLMN-id list+10 MMEGIs mappedfrom LACs+MMEC to the eNodeB, and in a case that CN nodes of multipleoperators are not supported, the size of the message sent to the eNodeBis only 3+20+1=24 byte. Otherwise, if only the method (1) is used,although the message size is reduced, the number of messages is notchanged, that is, all GUMMEI information (including non-updatedinformation) needs to be sent to the eNodeB; while if only the method(2) is used, although the number of messages is reduced, the messagesize is still 6*10=60 bytes, which is apparently much larger than themessage size achieved by using the method (1) and the method (2) incombination, that is, “24 bytes”. Definitely, the method (3) may also beused in combination with the method (1) and/or the method (2), whichwill not be described in detail herein.

It should be noted that, although this embodiment is illustrated bytaking the use of an eNodeB as the network node as an example, thenetwork node may also be the central node, that is to say, the operationperformed by the eNodeB in this embodiment may also be accomplished bythe central node, for example, the central node may also serve as a nodefor selecting a CN node, that is, the central node is connected to eacheNodeB, and when the UE accesses the eNodeB, the eNodeB does not selecta CN node, but sends a message to the central node, and the central nodeselects a CN node, for example, an MME. In this way, it only needs toconfigure the configuration information of the MME to the central node,without sending the configuration information to the eNodeB, that is tosay, each MME only needs to exchange information with the central nodewhen S1 setup or configuration information is changed, that is, when anLAC or GUMMEI is changed. For example, if the MME pool has 10 MMEs and200 eNodeBs, when an LAC is changed, 10 MMEs only need to send aconfiguration message regarding changed configuration to the centralnode, the number of messages is only 10, and it does not need to sendthe configuration message regarding changed configuration to the 200eNodeBs, thereby greatly reducing the number of messages transmitted inthe network.

The first embodiment has the following beneficial effect: In the firstembodiment, by distinguishing the identity of the UE when accessing thenetwork, obtain information of the UE identity, and determine whetherthe information is allocated by the network or mapped by the network,and select a suitable network node for the UE according to thedetermination result, thereby preventing the failure of the UE accessinga corresponding CN node due to the changed RAT.

Embodiment 2

In the methods described in the first embodiment, access is performedaccording to a case that a cell on which the UE currently resides is notlocated in a registered Tracking Area (TA) when the UE carries the 2G/3Gidentity to access the SAE/LTE network. In the methods described in thefirst embodiment, if the cell on which the UE currently resides islocated in a registered TA, an NAS part of an RRC Connection SetupComplete message, for example, an NAS part of a TAU Request message (theNAS part of the RRC Connection Setup Complete message is referred to asan NAS message) may not carry the UE identity (UE-id), such as GUTI orP-TMSI or IMSI, that is, the UE may determine whether to carry the UEidentity in the NAS message according to whether the currently accessedTA belongs to a TA list of the UE.

That is to say, if the NAS message carries the UE identity, it isgenerally considered that the cell on which the UE currently resides isnot located in a registered TA; however, in fact, if the NAS messagecarries the UE identity, access may also be performed according to thecase that the cell on which the UE currently resides is located in aregistered TA. For example, when the UE carries the identity of the2G/3G network to access the SAE/LTE network, the NAS message can only bean Attach Request message or a TAU Request message. At this time, aslong as the two messages always carry the UE identity, even if theselected MME does not have the UE context, the selected MME may alsofind the old node by using the UE identity and obtain the UE context, orobtain the UE context from a Home Subscriber Server (HSS). Therefore,this embodiment provides another access method.

For convenience of description, the case that the cell on which the UEcurrently camps is not located in a registered TA is referred to as “TANot Registered Case” below, and the case that the cell on which the UEcurrently camps is located in a registered TA is referred to as “TARegistered Case”. It should be noted that, to better describe thetechnical solution provided by this embodiment, the “TA Registered Case”and “TA Not Registered Case” technologies are briefly introduced below,and “TA Registered Case” and “TA Not Registered Case” are technologieswhen the UE carries an identity allocated by the SAE network to accessthe SAE network.

When the UE enters an SAE Pool and uses a temporary identity allocatedby the SAE to initiate an access, the UE judges whether a currentlyaccessed cell is located in a registered area of the UE, that is, the UEdetects whether the cell on which the UE currently resides is located ina registered TA. If the cell on which the UE currently resides islocated in a registered TA, the UE in an idle mode initiates an RRCConnection Request message carrying an S-TMSI to access the SAE/LTEnetwork. Since in this case, the UE does not move out of the originalPool area, the eNodeB may directly select the original MME according tothe MMEC in the S-TMSI (if an MOCN exists, MME selection needs to beperformed according to selected PLMN-id information carried by the UE inaddition). After an RRC Connection Setup message carrying the S-TMSIreturned by the eNodeB is received, in order to reduce the message sizeand save the occupied bandwidth, an NAS message in an RRC ConnectionSetup Complete message sent by the UE to the eNodeB may not carry the UEidentity, and an RRC part of the RRC Connection Setup Complete messagemay also not carry the GUMMEI. After the eNodeB selects an MME, theeNodeB sends an Initial UE Message to the selected MME, and then the MMEobtains the UE context according to the S-TMSI. The Initial UE Messageincludes information such as the S-TMSI in the RRC Connection Requestinitiated by the UE and the NAS message in the RRC Connection SetupComplete message. If the UE detects that the cell on which the UEcurrently resides is not located in a registered TA, and the UE in theidle mode initiates an RRC Connection Request message carrying a RandomID to access the SAE/LTE network, and then receives an RRC ConnectionSetup message carrying a Random ID returned by the eNodeB. Since in thiscase, the UE may move out of or may not move out of the original Poolarea, the UE needs to carry a UE identity in an NAS message in an RRCConnection Setup Complete message sent to the eNodeB, and at the sametime carry a GUMMEI in an RRC part in the RRC Connection Setup Completemessage, so that the eNodeB may find a corresponding MME by using theGUMMEI (if an MOCN exists, the eNodeB selects an MME according to theselected PLMN-id carried by the UE and the MME Group ID and MMEC in theGUMMEI carried by the UE). If a corresponding MME (the original MME)exists, the original MME is directly selected, and if no correspondingMME exists, which indicates that the UE has changed a Pool, the eNodeBselects a new MME, and then sends an Initial UE Message to the selectedMME, and the selected MME obtains the UE context. The Initial UE Messagecontains information such as the NAS message. Reference may be made toFIGS. 9 and 10, where FIG. 9 is a flowchart of a method for accessing anSAE/LTE network by a UE using TA Registered Case, and FIG. 10 is aflowchart of a method for accessing an SAE/LTE network by a UE using TANot Registered Case.

The access method provided in this embodiment is: When the UE carries a2G/3G identity to access an SAE system, the UE firstly maps the 2G/3Gidentity to an SAE identity format, and then accesses according to theTA Registered Case, that is, the UE carries a mapped S-TMSI in aninitiated RRC Connection Request message, and does not carry a GUMMEI inthe RRC part in the RRC Connection Setup Complete message. The NASmessage in the RRC Connection Setup Complete message may always carrythe UE identity, and at this time, the eNodeB may not carry an S-TMSI inan Initial UE Message (the first Initial UE Message) sent to the MME.Alternatively, the UE judges whether the currently accessed cell islocated in a registered TA, and if the currently accessed cell islocated in a registered TA, the NAS message in the RRC Connection SetupComplete message does not carry the UE identity, and if the currentlyaccessed cell is not located in a registered TA, the NAS message in theRRC Connection Setup Complete message carries the UE identity.

Definitely, before the UE accesses the SAE network, the UE may alsojudge whether the UE identity used for access is allocated by the SAEnetwork or mapped, and if the UE identity is mapped, the operationsdescribed in the method are performed, that is, the mapped S-TMSI iscarried in the RRC Connection Request message sent by the UE to theeNodeB, and the GUMMEI is not carried in the RRC Connection SetupComplete message sent to the eNodeB; otherwise, if the UE identity isallocated by the SAE network, it is judged whether the area accessed bythe UE belongs to the registered area of the UE. If the area accessed bythe UE belongs to the registered area of the UE, the access of the TARegistered Case is performed, and if the area accessed by the UE doesnot belong to the registered area of the UE, the access of the TA NotRegistered Case is performed. Reference may be made to the relevantdescription of “TA Registered Case” and “TA Not Registered Case” in thisembodiment, so the details will not be described herein again.

It should be noted that, since the eNodeB needs to distinguish whetherthe RRC Connection Request message carries the S-TMSI or the Random ID,it needs to define an identity in the S-TMSI and the Random ID, forexample, the identity is named as a Distinguishing Mark, having a sizeof 8 bits, and if digits on the 8 bits are all 1s, it is determined thatthe RRC Connection Request message carries the Random ID, and if thedigits on the 8 bits are not all 1s, it is determined that the RRCConnection Request message carries the S-TMSI. The Distinguishing Markis located at the MMEC part of the S-TMSI and the first 8 bits of theRandom ID.

Since when the UE carries the mapped identity to access the SAE network,the MMEC part of the S-TMSI is mapped from the NRI which may be all 1s,and the eNodeB may make a false determination that the Random ID isreceived; therefore, the NRI need to be defined to be not all 1s.

Definitely, the UE may not need to judge whether the currently accessedcell belongs to the registered area of the UE, or not need to judgewhether the UE identity carried by the UE is allocated by the SAEnetwork or mapped, but always use the TA Registered Case, that is, theS-TMSI is always carried in the RRC Connection Request message sent tothe eNodeB, and then the UE identity is always carried in the NASmessage in the RRC Connection Setup Complete message for any case, andthe S-TMSI carried in the RRC Connection Request is merely used for theeNodeB to select an MME, and does not need to be carried on the S1interface, that is, the Initial UE Message sent by the eNodeB to the MMEdoes not carry S-TMSI information, thereby reducing the message traffic,and saving the occupied bandwidth. However, the deficiencies of thismethod lie in that, when the UE changes the Pool, if the new Pool alsohas an MMEC with the same serial number, the eNodeB directly selects anMME corresponding to the MMEC with the same serial number from the newPool, rather than select a new MME based on principles such as loadbalancing. Alternatively, the “TA Not Registered Case” may also bealways used for accessing the SAE/LTE network, that is, the UE alwayscarries the Random ID in the RRC Connection Request message sent to theeNodeB, and carries the GUMMEI in the RRC part of the subsequent RRCConnection Setup Complete message, and carries the UE identity in theNAS message of the RRC Connection Setup Complete message, but in thiscase, the process of initiating a Service Request by the UE is not soquick, because the length of the Service Request is generally limited,so as to initiate the access as quickly as possible.

It should be noted that, the above illustration is given by taking theuse of an eNodeB as the RAN node and an MME as a CN node, the RAN nodemay also be other devices having similar functions to the eNodeB, andthe CN node may also be other devices having similar functions to theMME.

The second embodiment has the following beneficial effect: In the secondembodiment, the S-TMSI is carried in the RRC Connection Request messageinitiated by the UE, and then a suitable CN node is selected for the UEaccording to the S-TMSI, thereby preventing the failure of the UEaccessing a corresponding CN node due to the changed RAT; meanwhile, inthis embodiment, the RRC Connection Setup Complete message does notcarry the GUMMEI, thereby reducing the message traffic, and saving theoccupied bandwidth.

Embodiment 3

In this embodiment, an LAC and an MMEGI are distinguished by setting,for example, the LAC and the MMEGI can be distinguished by setting a bitin the LAC and a corresponding bit in the MMEGI to have differentvalues. This embodiment illustrates that, when the UE accesses an MME byusing the GUTI, a specific access method may include attach or TAU. Ifthe MME has the UE context, the MME finds the UE by using the GUTI; ifthe MME has no UE context, the MME finds an old MME by using the GUMMEIin the GUTI, for example, finds the old MME by using a Domain NameSystem (DNS), and sends a Context Request containing the GUTI or anIdentification Request containing the GUTI to the old MME, and the oldMME finds the UE Context by using the GUTI, and returns the UE contextor IMSI information of the UE to the MME. When the UE accesses the MMEby using a GUTI mapped from the old RAI/P-TMSI or TLLI, the MME or DNSneeds to distinguish whether the GUTI is allocated by the network, forexample, by an SAE network, or mapped. If it is determined that the GUTIis a mapped GUTI, the old RAI/P-TMSI or TLLI/old RAI of the 2G networkis reconstructed from the GUTI (if the old SGSN is a 2G SGSN). An oldSGSN is found by using the old RAI or using the old RAI and NRI, and aContext Request containing the old RAI, P-TMSI or TLLI, or anIdentification Request containing the old RAI, P-TMSI or TLLI is sent tothe old SGSN. The old SGSN finds the UE context by using the old RAI andP-TMSI or using the TLLI, and returns the UE context or IMSI informationof the UE to the MME.

Referring to FIG. 2, the UE sends a TAU Request message containing theGUTI to the MME, and the MME checks whether the GUTI is an real GUTI,that is, real GUTI allocated by the SAE network to the UE, or a mappedGUTI. If the GUTI is the real GUTI, the MME sends a Context Request(GUTI, complete TAU Request message) to the old MME to obtain thecontext from the old MME, and the old MME finds the UE context by usingthe GUTI. The complete TAU Request message is a TAU Request message sentby the UE, and if the message has integrity protection, the message issent to the old MME, for the old MME to check integrity protection, andif the validation is successful, the UE context is returned to a newMME. If the MME checks that the GUTI is a mapped GUTI, the MME sends aContext Request (old RAI, P-TMSI or TLLI) to the old SGSN, and the oldSGSN finds the UE context according to the old RAI and P-TMSI oraccording to TLLI.

As for security and integrity protection, when the UE accesses the SAEsystem by using the mapped GUTI, the following methods may be adopted.

1. Since the old SGSN does not have an integrity protection parameter ofthe SAE system, the MME may, according to that the GUTI is a mappedGUTI, not send the TAU Request message to the old SGSN. Or

2. No matter whether the GUTI is a mapped identity, the MME always sendsthe TAU Request message to the old node, for example, the old SGSN, torequest for validation, but the old SGSN does not validate the message,and returns information indicating that the validation fails or novalidation is performed to the MME, so that the MME performs asecurity-related process. If the MME does not have the UE context, forexample, the Additional GUTI indicates other MMEs, the other MMEs mayperform a security-related process, or the MME finds the UE contextstored therein according to the Additional GUTI, and performs securityvalidation on the UE, or the MME initiates a security validation processto the UE. Or

3. If the Additional GUTI carried by the UE indicates that the UEcontext is in the accessed MME, the accessed MME performs securityvalidation on the UE, and if the security validation is successful, theContext Request or Identification Request sent to the old SGSN carriesinformation indicating that the UE is already validated. Or

4. If the Additional GUTI indicates other MMEs, the new MME obtains asecurity context from the MME indicated by the Additional GUTI, and thenew MME performs security validation on the UE according to the obtainedsecurity context; or the new MME sends an Attach Request message or TAURequest message to the MME indicated by the Additional GUTI forvalidation. Or

5. If the UE carries the mapped GUTI for access, the UE does not performintegrity protection on messages such as the TAU Request message orAttach Request message. Or

6. If the UE carries the mapped GUTI for access, the UE carries a P-TMSISignature field allocated by the SGSN, and sends the P-TMSI Signaturefield to the network, and the MME receives P-TMSI Signature field andthen sends the P-TMSI Signature field to the old SGSN so as to validatethe UE. That is to say, if the UE carries the GUTI mapped from the oldRAI/P-TMSI or the GUTI mapped from TLLI to access the SAE system, the UEcarries the P-TMSI Signature IE, and the MME also carries the P-TMSISignature IE in the Context Request message sent to the old SGSN, so asto request the old SGSN to validate the UE.

The above security problem may also be applied to the followingembodiment that the UE carries a mapped GUTI and accesses an SAE systemor the UE carries a mapped old RAI/P-TMSI (or TLLI)/P-TMSI Signature andaccesses a 2G/3G network (the positions of the MME and SGSN needs to beinterchanged).

Embodiment 4

The difference between this embodiment and the third embodiment lies inthat, in this embodiment, the MME directly maps the GUTI. In thisembodiment, the MME maps or reconstructs the GUTI into the oldRAI/P-TMSI (or TLLI)/P-TMSI Signature or old RAI/P-TMSI, or the P-TMSImay also be in the form of TLLI, and the MME obtains the context fromthe old entity, for example, an old MME or old SGSN, by using the oldRAI/P-TMSI (or TLLI)/P-TMSI Signature. If the old entity is an old MME,the old MME maps or reconstructs the old RAI/P-TMSI into a GUTI so as toobtain the UE context; and if the old entity is an old SGSN, the oldSGSN directly finds the UE context according to the old RAI/P-TMSI (orTLLI), P-TMSI Signature, for which reference may be made to FIG. 3.

Embodiment 5

The difference between this embodiment and the third embodiment lies inthat, in this embodiment, after it is judged that the GUTI is a mappedGUTI, different operations are performed according to whether acorresponding old SGSN is an S4 SGSN or a Gn/Gp SGSN. In thisembodiment, different operations are performed by an access nodedetermined whether the old node is an MME/S4-SGSN or Gn/Gp SGSN. Forexample, when the UE accesses the MME by using the GUTI mapped from theold RAI/P-TMSI, a specific access method may be an Attach or TAU method.If the MME knows that the old SGSN is an S4 SGSN, for example, byquerying a DNS, or according to that the interface is a GTP-v2 basedinterface, the MME sends a Context Request containing the GUTI or anIdentification Request containing the GUTI to the old SGSN, and the oldSGSN reconstructs the old RAI and P-TMSI from the GUTI, or reconstructsthe old RAI and P-TMSI TLLI from the GUTI according to the GUTI, obtainsthe UE context by using the old RAI and P-TMSI or using the old RAIand/or TLLI, and returns the UE context or IMSI to the MME. If the MMEknows that the old SGSN is a Gn/Gp SGSN such as a Pre-R8 SGSN, forexample, by querying a DNS, or according to that the interface is aGTP-v1 or v0 based interface, the MME reconstructs the old RAI/P-TMSI(or TLLI), and sends an SGSN Context Request (old RAI, P-TMSI or TLLI)or an Identification Request (old RAI, P-TMSI or TLLI) to the old SGSN,and the old SGSN finds the UE context by using the old RAI and P-TMSI(or TLLI) and returns the UE context to the MME.

Referring to FIG. 4, if during SAE Attach, the TIN of the UE is set asP-TMSI or TLLI or a temporary identity used by the UE during a previousDetach process in a 2G/3G network, the UE needs to use a GUTI mappedfrom the old RAI/P-TMSI (P-TMSI may also be TLLI) to access the SAEsystem; after receiving the mapped GUTI, the MME may directlyreconstruct the old RAI/P-TMSI (or TLLI) from the mapped GUTI, or judgewhether the old SGSN is an S4 SGSN or a Gn/Gp SGSN. If the old SGSN isan S4 SGSN, the UE may obtain the IMSI and context from the S4 SGSNthrough an Identification Request (GUTI, complete Attach Requestmessage), and the S4 SGSN reconstructs the old RAI/P-TMSI (or TLLI) fromthe GUTI, and finds the UE context and returns the IMSI. If the old SGSNis a Gn/Gp SGSN, the MME uses the reconstructed old RAI/P-TMSI (or TLLI)to obtain information from the old SGSN through an IdentificationRequest carrying the old RAI/P-TMSI (or TLLI). Definitely, if atemporary identity allocated by the accessing RAT exists, the UE mayalso use the temporary identity allocated by the accessing RAT duringthe Attach process, regardless of the indication of the TIN; and if notemporary identity allocated by the accessing RAT exists, a temporaryidentity of another RAT is used, or if no temporary identity of any RATexists, the IMSI is used for access. If the GUTI is the real GUTI, theIdentification Request message may need to carry a complete AttachRequest message from the UE, so as to enable the old MME to performintegrity protection validation; and if the MME finds that the GUTI is amapped GUTI, the MME does not need to carry the Attach Request messagein the Identification Request message sent to the SGSN, and needs toperform security validation on the UE.

As for the security-related problem, if the Additional GUTI orAdditional RAI/P-TMSI carried by the UE indicates that the UE locallyhas the context, the UE performs a security process such as integrityprotection validation locally, so that an access entity, for example, anMME or SGSN, does not need to require the old entity indicated by theTIN, for example, an old MME or old SGSN, to perform integrityprotection validation, and if the UE already performs integrityprotection validation locally, the access entity carries informationindicating that the UE is already validated in the Context Request, theold entity does not need to validate the UE. Otherwise, if the UE doesnot have the UE context in the local access entity, and the old entityindicated by the TIN and the access entity are the same RAT, the accessentity may require the old entity to perform integrity protectionvalidation on the UE, for example, the access entity sends the messagesent by the UE to the old entity for validation by the old entity. So,if the Additional GUTI or Additional RAI/P-TMSI carried by the UEindicates that the UE locally has the context, the access entity may notrequire the old entity to perform the security process on the UE, forexample, the access entity does not send the message sent by the UE tothe old entity; alternatively, the access entity requires the old entityto perform the security process on the UE, but if the old entity cannotperform the validation (for example, the old entity and the accessentity are not the same RAT), the old entity returns informationindicating that the validation is not successful or is not completed, soas to require the access entity to validate the UE. Moreover, if the TINof the UE indicates “P-TMSI” or “TLLI”, the UE needs to carry the P-TMSISignature during Attach or TAU/RAU access, so as to perform securityvalidation on the UE, that is, the access entity sends the P-TMSISignature to the old entity to validate the UE; otherwise, if the TIN ofthe UE indicates “GUTI”, the UE needs to carry the P-TMSI Signature whenaccessing a 2G/3G network, because a part of information of the GUTIneeds to be mapped to the P-TMSI Signature.

Embodiment 6

The difference between this embodiment and the third embodiment lies inthat, in the third embodiment, the UE accesses an MME by using the GUTI,while in this embodiment, the UE carries the old RAI/P-TMSI/P-TMSISignature to access an SGSN, where P-TMSI may also be TLLI. When the UEcarries the old RAI/P-TMSI (or TLLI)/P-TMSI Signature to access theSGSN, the SGSN or DNS finds an old MME or old SGSN according to thedifference between the real old RAI/P-TMSI (or TLLI)/P-TMSI

Signature and the mapped identity, for example, difference between a bitof the MMEGI and a bit of the LAC. The SGSN may always obtain thecontext from the old entity by using the old RAI/P-TMSI/P-TMSISignature. If the old entity is an MME, the SGSN sends an SGSN ContextRequest containing the old RAI, P-TMSI/TLLI, and P-TMSI Signature, tothe old MME, and the old MME reconstructs a GUTI, finds and returns theUE context, and returns EPS Context or 2G/3G Context according to theinterface or the content of the Context Request.

Referring to FIG. 5, the UE accesses the SGSN by sending an RAU Requestmessage, that is, by using the old RAI, P-TMSI/TLLI, and P-TMSISignature. If the UE uses the old RAI, P-TMSI/TLLI, and P-TMSI Signaturemapped from the GUTI for access, the SGSN finds the address of the oldMME, and sends a Context Request carrying (old RAI, P-TMSI/TLLI, P-TMSISignature) message to the old MME, and the old MME reconstructs the GUTIaccording to the old RAI, P-TMSI/TLLI, and P-TMSI Signature, finds andreturns the UE context. Moreover, since the old MME does not have P-TMSISignature information, the UE may be validated by using the followingmethods.

1. The old MME carries information indicating that the security of theUE is not validated in the returned Context Response, for example,carries a Cause value of ‘P-TMSI signature mismatch’, so that the SGSNrevalidate the UE.

2. Alternatively, if the SGSN does not have the UE context and the SGSNknows that the old node corresponding to the old RAI, P-TMSI/TLLI, andP-TMSI Signature indicated by the TIN is an old MME, the SGSN alwaysvalidates the UE, and carries “MS Validated” information in the ContextRequest sent to the old MME to indicate that the validation of the UE isalready successful. If the SGSN has the UE context, and the UE contextcan be found by using the Additional RAI/P-TMSI, the SGSN firstlyvalidates the UE, and if the validation is successful, the SGSN carries“MS Validated” information in the Context Request sent to the old MME toindicate that the UE already passes the validation.

Embodiment 7

The difference between this embodiment and the sixth embodiment lies inthat, in the sixth embodiment, the old MME reconstructs the GUTI fromthe old RAI/P-TMSI/P-TMSI Signature, where P-TMSI may be TLLI. In thisembodiment, if the old entity is an old MME, the SGSN reconstructs theGUTI from the old RAI/P-TMSI (or TLLI)/P-TMSI Signature. Referring toFIG. 6, the SGSN knows whether the old entity is an MME or an SGSN, andif the old entity is an MME, the S4 SGSN reconstructs the GUTI, andsends a Context Request (GUTI) to the old MME, and the old MME finds theUE context according to the GUTI, and returns the UE context.

The security problem is similar to that in the third to sixthembodiments, and if the SGSN locally has the UE context, the SGSNvalidates the P-TMSI Signature; and if the SGSN does not have the UEcontext and finds that the old entity is an MME, the SGSN alwaysinitiates a security process, and the SGSN reconstructs the GUTI, andrequests the old MME for the UE context.

The access node may distinguish whether a temporary identity is anoriginal temporary identity or a mapped identity, and a DNS may also beused to analyze the temporary identity, and then feed back to the accessnode whether the temporary identity is a mapped identity. If the addressof the old node translated by the access node and the DNS is wrong, thetranslated old node continues finding the real old node after receivingthe Context Request, and relays the message to the real old node.

Moreover, in the prior art, the UE may also carry an Additional TMSI(additional temporary identity), that is, the UE carries an AdditionalGUTI when accessing the SAE network, and carries an Additional oldRAI/P-TMSI when accessing the 2G/3G network, where P-TMSI may also beTLLI. The function of the Additional TMSI is finding the UE context thatpossibly exists in the access RAT entity as possible, and obtaining thecontext by using the temporary identity indicated by the TIN, so thatthe obtained context can be directly combined with the UE context in thecurrent RAT entity. Otherwise, the access RAT needs to query againwhether the current RAT entity has the UE context according to the IMSIinformation in the obtained context, and then combines the contexts,which leads to higher complexity. In fact, the Additional TMSI does notneed to be carried in the following cases so as to save the airinterface resources: periodic location update (Periodic TAU or PeriodicRAU) or TAU or RAU in a handover process; or the temporary identityindicated by the TIN is consistent with the Additional temporaryidentity, that is, the TIN indicates the temporary identity of theaccess RAT; or the UE has the temporary identity of the access RATduring the Attach process.

Through the above embodiments of the present invention, the processingby each node on the temporary identity is specified. The followingeffects can be achieved.

The real GUTI can be distinguished from the mapped GUTI, and the realold RAI/P-TMSI (or TLLI) can be distinguished from the mapped oldRAI/P-TMSI (or TLLI). For example, a bit is set in the LAC and theMMEGI, which is always 0 in the LAC, and always 1 in the MMEGI.

When the UE uses the GUTI mapped from the old RAI/P-TMSI to access anSAE network, the eNodeB knows through distinguishing that the UE usesthe old RAI/P-TMSI for access, and selects an MME corresponding to theNRI as possible; or the eNodeB determines, by detecting whether the LACis configured, whether to select the MME corresponding to the NRI orreselect an MME.

When the UE uses the GUTI mapped from the old RAI/P-TMSI to access anMME, the MME knows that the GUTI is a mapped GUTI, reconstructs the oldRAI/P-TMSI/TLLI, finds the old SGSN by using the old RAI and NRI, andsends a Context Request message (old RAI, P-TMSI/TLLI) to the old SGSN,and the old SGSN finds the UE context by using the old RAI andP-TMSI/TLLI, and returns the UE context to the MME.

Alternatively, when the UE uses the GUTI mapped from the old RAI/P-TMSIto access an MME, the MME knows that the GUTI is a mapped GUTI, andqueries whether the old SGSN is an S4 SGSN or a Gn/Gp SGSN. If the oldSGSN is an S4 SGSN, the MME sends a Context Request carrying the GUTI oran Identification Request to the old SGSN, and the old SGSN reconstructsthe old RAI, and P-TMSI/TLLI from the GUTI, finds the UE context byusing the old RAI and P-TMSI/TLLI, and returns the UE context to theMME. If the old SGSN is a Gn/Gp SGSN, the MME reconstructs the oldRAI/P-TMSI/TLLI, and sends a Context Request carrying (old RAI,P-TMSI/TLLI) to the old SGSN, and the old SGSN finds the UE context byusing the old RAI and P-TMSI/TLLI, and returns the UE context to theMME.

The Additional TMSI may not be necessary during TAU/RAU in a handoverprocess or Periodic TAU/RAU, or when the temporary identity indicated bythe TIN is consistent with the Additional temporary identity, or whenthe UE has the temporary identity of the access RAT during the Attachprocess.

When the MME and SGSN of the combined node belong to different PLMNs, orwhen an MME and an SGSN of different PLMNs establish an ISR, the UE maycarry two PLMN-ids or configurations so as to enable the RAN node toselect a corresponding CN node.

By distinguishing the identity carried by the UE is allocated by whichRAT, the RAN node or access node can perform corresponding properprocessing, so as to prevent selection of a wrong node or sendinginconsistent parameters to the corresponding node.

In an embodiment of the present invention further provides a method forallocating a network resource node to a UE, which includes:

obtaining, by a network, a mapping attribute of a temporary identitycarried by a UE; and

allocating, by the network, a network resource node to the UE accordingto the mapping attribute of the temporary identity.

Specifically, the obtaining, by the network, the mapping attribute ofthe temporary identity carried by the UE is: judging, by the network,whether the UE identity is allocated by the network or mapped.

A detailed implementation is described as follows:

when the network accessed by the UE is an SAE network, the obtaining, bythe network, the mapping attribute of the identity carried by the UE is:judging, by an eNodeB of the SAE network, whether a GUMMEI carried bythe UE or an MMEGI in the GUMMEI is allocated by the SAE network ormapped;

if the GUMMEI or MMEGI is allocated by the SAE network, the allocating,by the network, the network resource node to the UE according to themapping attribute of the identity is: selecting, by the eNodeB, an MMEaccording to the GUMMEI or according to the MMEGI and an MMEC; and

if the GUMMEI or MMEGI is mapped, the allocating, by the network, thenetwork resource node to the UE according to the mapping attribute ofthe identity is: selecting, by the eNodeB, an MME according to an MCC,an MNC and an MMEC in the GUMMEI; or selecting, by the eNodeB, an MMEaccording to the MMEC in the GUMMEI.

Alternatively, the method may also be implemented in the followingmanner:

when the network accessed by the UE is an SAE network, the obtaining, bythe network, the mapping attribute of the identity carried by the UE is:judging, by an MME of the SAE network, whether a GUTI carried by the UEis allocated by the SAE network or mapped;

if the GUTI is allocated by the SAE network, before the allocating, bythe network, the network resource node to the UE according to themapping attribute of the identity, the method further includes:obtaining, by the MME, a UE context from an old MME by using the GUTI;and

if the GUTI is mapped, before the allocating, by the network, thenetwork resource node to the UE according to the mapping attribute ofthe identity, the method further includes: reconstructing, by the MME,an old RAI/P-TMSI from the GUTI, and obtaining the UE context from anold SGSN by using the old RAI/P-TMSI, or reconstructing, by the MME, anold RAI/TLLI from the GUTI, and obtaining the UE context from the oldSGSN by using the old RAI/TLLI.

Corresponding to the above description of the method embodiments, anembodiment of the present invention further provides a UE, which doesnot perform integrity protection on an access message when accessing anSAE system by using a mapped GUTI.

Referring to FIG. 7, a network device includes an identity attributeobtaining module 701 and a network resource node allocation module 702.The identity attribute obtaining module 701 is configured to distinguishwhether a UE uses a mapped temporary identity or an real temporaryidentity. The real temporary identity is an identity allocated by thenetwork side. The network node may be an RAN node.

The network resource node allocation module 702 is configured toallocate a network resource node to the UE according to the attribute ofthe temporary identity of the UE, that is, according to whether theidentity of the UE is allocated by the network or mapped. The networkside node is an MME, an SGSN or a CN node.

Through the descriptions of the preceding embodiments, those skilled inthe art may understand that the present invention may be implemented byusing hardware only or by using software and a necessary universalhardware platform. Based on such understandings, all or part of thetechnical solution under the present invention that makes contributionsto the prior art may be essentially embodied in the form of a softwareproduct. The software product may be stored in a storage medium, whichcan be a magnetic disk, a Compact Disk Read-Only Memory (CD-ROM), aRead-Only Memory (ROM) or a Random Access Memory (RAM). The softwareproduct includes a number of instructions that enable a computer device(personal computer, server, or network device) to execute the methodsprovided in the embodiments of the present invention.

It should be noted that the above descriptions are merely some exemplaryembodiments of the present invention, and person having ordinary skillin the art may make various improvements and refinements withoutdeparting from the spirit of the invention. All such modifications andrefinements are intended to be covered by the present invention.

1. A method for access, characterized by comprising: when a userequipment (UE) accesses a System Architecture Evolution (SAE) network,judging, by a Mobility Management Entity (MME), whether a Global UniqueTemporary Identity (GUTI) carried by the UE is allocated by the SAEnetwork or mapped from a temporary identity of a Second Generation/ThirdGeneration (2G/3G) network; if the GUTI is allocated by the SAE network,obtaining, by the MME, a UE context from an old MME by using the GUTI;and if the GUTI is mapped, reconstructing, by the MME, an old RoutingArea Identification (old RAI) and a Packet Temporary Mobile SubscriberIdentity (P-TMSI) from the GUTI, and obtaining the UE context from anold Serving General Packet Radio Service (GPRS) Support Node (old SGSN)by using the old RAI and P-TMSI, or reconstructing, by the MME, an oldRAI and a Temporary Logical Link Identity (TLLI) from the GUTI, andobtaining the UE context from the old SGSN by using the old RAI andTLLI.
 2. The method for access according to claim 1, wherein thejudging, by the MME, whether the GUTI carried by the UE is allocated bythe SAE network or mapped comprises: determining, by the MME, whetherone or more bits of a Mobility Management Entity Group Identity (MMEGI)in the GUTI is for indication of an MMEGI or for indication of aLocation Area Code (LAC); if the one or more bits of the MMEGI in theGUTI is for indication of an MMEGI, judging that the GUTI is allocatedby the SAE network; and if the one or more bits of the MMEGI in the GUTIis for indication of an LAC, judging that the GUTI is mapped.
 3. Themethod for access according to claim 1, wherein the obtaining the UEcontext from the old SGSN by using the old RAI and P-TMSI, or theobtaining the UE context from the old SGSN by using the old RAI and TLLIcomprises: if the MME has the UE context, validating, by the MME,integrity protection of a request message of the UE when accessing theSAE network; if the integrity protection is validated, sending, by theMME, a Context Request to the old SGSN, wherein the Context Requestcarries a validation message; and returning, by the old SGSN, the UEcontext to the MME according to the validation passed message.
 4. Themethod for access according to claim 1, wherein the obtaining the UEcontext from the old SGSN by using the old RAI and P-TMSI comprises:according to an indication of an Additional GUTI carried by the UE,sending, by the MME, a request message of the UE when accessing the SAEnetwork to an MME having the UE context; returning, by a first MMEhaving the UE context, a validation result of integrity protection ofthe request message to the MME; if the validation is successful,sending, by the MME, a Context Request to the old SGSN, wherein theContext Request carries the old RAI, the P-TMSI, and a successfulvalidation message; and returning, by the old SGSN, the UE context tothe MME according to the old RAI, the P-TMSI, and the successfulvalidation message.
 5. The method for access according to claim 1,wherein the obtaining the UE context from the old SGSN by using the oldRAI and the TLLI comprises: according to an indication of an AdditionalGUTI carried by the UE, sending, by the MME, a request message of the UEwhen accessing the SAE network to an MME having the UE context;returning, by the MME having the UE context, a validation result ofintegrity protection of the request message to the MME; if thevalidation is successful, sending, by the MME, a Context Request to theold SGSN, wherein the Context Request carries the old RAI, the TLLI, anda successful validation message; and returning, by the old SGSN, the UEcontext to the MME according to the old RAI, the TLLI, and thesuccessful validation message.
 6. The method for access according toclaim 1, wherein the obtaining the UE context from the old SGSN by usingthe old RAI and the P-TMSI comprises: according to an indication of anAdditional GUTI carried by the UE, obtaining, by the MME, a securitycontext from an MME having the UE context; validating, by the MME,integrity protection of a request message of the UE when accessing theSAE network according to the security context; if the validation issuccessful, sending, by the MME, a Context Request to the old SGSN,wherein the Context Request carries the old RAI, the P-TMSI, and asuccessful validation message; and returning, by the old SGSN, the UEcontext to the MME according to the old RAI, the P-TMSI, and thesuccessful validation message.
 7. The method for access according toclaim 1, wherein the obtaining the UE context from the old SGSN by usingthe old RAI and the TLLI comprises: according to an indication of anAdditional GUTI carried by the UE, obtaining, by the MME, a securitycontext from an MME having the UE context; validating, by the MME,integrity protection of a request message of the UE when accessing theSAE network according to the security context; if the validation issuccessful, sending, by the MME, a Context Request to the old SGSN,wherein the Context Request carries the old RAI, the TLLI, and asuccessful validation message; and returning, by the old SGSN, the UEcontext to the MME according to the old RAI, the TLLI, and thesuccessful validation message.
 8. The method for access according toclaim 1, wherein the method further comprises: if the GUTI is mapped andthe UE accesses the SAE network by a Tracking Area Update (TAU) Requestmessage or an Attach Request message, the UE does not perform integrityprotection on the TAU Request message or the Attach Request message. 9.The method for access according to claim 1, wherein the method furthercomprises: if the GUTI is mapped, when the UE accesses the SAE network,the UE carries a P-TMSI Signature information element (IE), and the MMEcarries the P-TMSI Signature IE in a Context Request sent to the oldSGSN, so as to request the old SGSN to validate the UE.
 10. The methodfor access according to claim 1, wherein further comprising: allocating,by an eNodeB, a network resource node to the UE according to whether theGUTI carried by the UE is allocated by the SAE network or mapped. 11.The method for access according to claim 10, wherein the allocating, byan eNodeB, a network resource node to the UE according to whether theGUTI carried by the UE is allocated by the SAE network or mappedcomprises: selecting, by the eNodeB, an MME according to a GloballyUnique Mobility Management Entity Identifier (GUMMEI) in the GUTI oraccording to the MMEGI and an Mobility Management Entity Code (MMEC) inthe GUTI, if the GUTI is allocated by the SAE network; or selecting, bythe eNodeB, an MME according to a Mobile Country Code (MCC), a MobileNetwork Code (MNC) and an MMEC in a GUMMEI in the GUTI or according toan MMEC in the GUMMEI in the GUTI, if the GUTI is mapped.
 12. A networkdevice, comprising a processor, wherein the processor is configured toperform the acts of: judging whether a Global Unique Temporary Identity(GUTI) carried by a user equipment (UE) is allocated by the SAE networkor mapped, when the UE accesses a System Architecture Evolution (SAE)network from a temporary identity of the Second Generation/ThirdGeneration (2G/3G) network; obtaining a UE context from an old MME byusing the GUTI, if the judging module judges that the GUTI is allocatedby the SAE network; and reconstructing an old Routing AreaIdentification (old RAI) and a Packet Temporary Mobile SubscriberIdentity (P-TMSI) from the GUTI and obtaining the UE context from an oldServing General Packet Radio Service (GPRS) Support Node (old SGSN) byusing the old RAI and P-TMSI, if the GUTI is mapped, or reconstructingan old RAI and a Temporary Logical Link Identity (TLLI) from the GUTIand obtaining the UE context from the old SGSN by using the old RAI andTLLI, if the GUTI is mapped.
 13. The network device according to claim12, wherein the act of judging whether a GUTI carried by a UE isallocated by the SAE network or mapped, when the UE accesses an SAEnetwork comprises the acts of: determining whether one or more bits of aMobility Management Entity Group Identity (MMEGI) in the GUTI is forindication of an MMEGI or for indication of a Location Area Code (LAC);judging that the GUTI is allocated by the SAE network, if the one ormore bits of the MMEGI in the GUTI is for indication of an MMEGI; andjudging that the GUTI is mapped, if the one or more bits of the MMEGI inthe GUTI is for indication of an LAC.
 14. The network device accordingto claim 12, wherein the act of reconstructing an old RAI and a P-TMSIfrom the GUTI and obtaining the UE context from an old SGSN by using theold RAI and P-TMSI, if the GUTI is mapped, or reconstructing an old RAIand a TLLI from the GUTI and obtaining the UE context from the old SGSNby using the old RAI and TLLI, if the GUTI is mapped comprises acts of:validating integrity protection of a request message sent by the UE whenaccessing the SAE network, if the MME has the UE context; and sending aContext Request to the old SGSN, if the validation is successful,wherein the Context Request carries a successful validation message, soas for the old SGSN to return the UE context to the MME according to thesuccessful validation passed message.
 15. A method for access,characterized by comprising: when a user equipment (UE) accesses aSecond Generation/3rd Generation (2G/3G) network, finding, by a ServingGeneral Packet Radio Service (GPRS) Support Node (SGSN), an address ofan old Mobility Management Entity (MME) according to an old Routing AreaIdentification (old RAI) and a Packet Temporary Mobile SubscriberIdentity (P-TMSI) carried by the UE or according to a Temporary LogicalLink Identity (TLLI) carried by the UE; and reconstructing, by the oldMME, a Global Unique Temporary Identity (GUTI) from the old RAI andP-TMSI or from the TLLI and a P-TMSI Signature; and obtaining, by theMME, the UE context according to GUTI and returning the UE context tothe SGSN.
 16. A communication system, characterized by comprising: aServing General Packet Radio Service (GPRS) Support Node (SGSN) and aMobility Management Entity (MME); wherein the SGSN comprising aprocessor, wherein the processor is configured to perform the acts of:finding an address of an old Mobility Management Entity (MME) accordingto an old Routing Area Identification (old RAI) and a Packet TemporaryMobile Subscriber Identity (P-TMSI) carried by the UE or according to aTemporary Logical Link Identity (TLLI) carried by the UE, when a userequipment (UE) accesses a Second Generation/3rd Generation (2G/3G)network from an SAE network; the MME comprising a processor, wherein theprocessor is configured to perform the acts of: reconstructing a GlobalUnique Temporary Identity (GUTI) from the old RAI and P-TMSI or from theTLLI and a P-TMSI Signature; and obtaining the UE context according toGUTI and returning the UE context to the SGSN.
 17. A network device,characterized by comprising: an identity attribute obtaining module,configured to obtain an attribute of a GUTI of a user equipment (UE)currently accessing an SAE network, wherein the attribute of GUTI of theUE is whether the UE identity is allocated by the network or mapped; anda network resource node allocation module, configured to allocate anetwork resource node to the UE according to the attribute of the GUTIof the UE.
 18. The network device according to claim 17, wherein thenetwork resource node allocation module is specifically configured toselect an MME according to a GUMMEI in the GUTI or according to an MMEGIand an MMEC in the GUTI when the identity attribute obtaining moduleobtains the attribute that the GUTI is allocated by the SAE network; andselect an MME according to an MCC, an MNC and an MMEC in a GUMMEI in theGUTI or according to an MMEC in a GUMMEI in the GUTI when the identityattribute obtaining module obtains the attribute that the GUTI ismapped.